Two days. Seven companies. A snapshot of the application-development market.

The trip in and around Boston’s Route 128 high-tech corridor began with a stop in Waltham at Verivo Software, which offers a software-mobility platform that enables customers to create, deploy and manage applications across multiple devices.

But before getting into details, a few overarching themes emerged over the two days. Developing applications for multiple mobile devices and the cloud seems to be what the enterprise customers of these software tool providers want. They want to know how they can build apps that run well on all sorts of tablets and smartphones, and how they can manage access, security, performance and more.

Second, these companies see this as their growth opportunity for the near future. Of the companies visited, two had just moved into new, bigger, ultramodern office spaces. Another was waiting for furniture and equipment to move into a contiguous space that added about another 9,000 square feet of space. And still another has taken up its current space within the year.

All this moving and construction was meant to accommodate more employees, and to give them the space they need to work comfortably, to collaborate (every wall is a whiteboard) and to relax. In one back-to-the-future moment, two developers were seen playing foosball in a kitchen area near an outside patio with great views of the changing New England foliage.

Mobility on three pegs
Verivo was founded in 2001, creating enterprise CRM applications for PalmPilot and Windows CE devices used in financial institutions, and then building an underlying platform that gave the company the ability to deliver tailored applications and updates in a more flexible, agile way.

Today, according to Chris Willis, Verivo’s CMO, there are hundred of millions of devices in use, and he said 75% of employees will be mobile by next year. They will need back-end data connectivity, not just to their own company’s data, but also to third-party analytics and other services. Further, companies will need to manage those applications for compliance and security.

Thus, Verivo has created a mobility platform on three pegs: AppStudio, the company’s no-code, drag-and-drop development environment; Verivo Server, for enterprise management services and connectivity; and a client collection that delivers the mobile applications to specific devices.

Marc Rosenbaum, director of sales engineering for Verivo, demonstrated configuring an application in AppStudio by dragging screens into a console and selecting mappings to data sources. “You build the app centrally, define it once, and the application is deployed by platform desired,” he said. “Once an app is on the device, changes come down as data. There’s no need to re-download.”

Data for the app is pulled from such disparate data sources as SAP or Siebel systems, news feeds, weather feeds, or whatever the developer desires, into a customizable front end. Users can choose to present contacts, for example, in an alphabetical list form, or as pins on a map that users can “pinch” to expand or shrink depending upon the desired views. Further, all styles and colors (for buttons, grids, backgrounds, logos, etc.) can be selected, defined or changed as required, he said. This kind of configurable application, he noted, can be updated on the fly in a seamless way, and the user will automatically have those changes the next time he or she opens the application.

“We are fully native,” he said. “The controls you use are native, and behave how the API dictates and how users expect.”
Pushing security onto developers
The second stop (after a fine lunch in the cafeteria of an office building in Waltham) was at Veracode, maker of code-analysis software for ensuring that applications don’t have vulnerabilities.

Veracode recently acquired Marvin Mobile, whose expertise in software vulnerabilities reaches into mobile devices. The importance of this, according to Veracode vice president of research Chris Eng, was brought to light by the recent leaks of personal information from mobile applications.

“BYOD [Bring your own device] is the new space people are having trouble with,” he said. “Apps are being brought into the workplace, and users are receiving downloads and updates” on devices that are also being used for work.

One of the questions that arises in discussions of software security—and why, after being written about and talked about for a decade, common techniques such as cross-site scripting and buffer overflows are still effective—centers on who in the application life cycle ultimately is responsible for security.

“Organizations are pushing accountability onto developers,” Eng said. This, he noted, is also important in organizations that are doing agile development and continuous delivery. “Developers need to learn what the issues in software are so as not to have to go through a whole test cycle,” which slows down the process of delivering software, he said.

Eng said he has seen organizations take the approach of passing fixes down to subsequent sprints, depending upon the length of the sprint. Organizations, he said, must decide which fixes are critical and which can wait till the next drop, since agile development means a fix can get out in a matter of weeks rather than months. He recommended that companies have someone from the development security team—or “security champions” created by the organization for their development teams—be in on each sprint kickoff to ensure security is a consideration throughout development.

Marvin Mobile’s technology, Eng said, gives Veracode the ability to scan devices for malicious applications, to run apps in a sandbox before sending them out to devices, and to check devices to see what they are connecting to. But he said that machine learning is a critical piece, as the technology can identify malware, then variances of that malware or new malware based on similar behaviors.

Veracode was to release a report on the state of security around the end of October.
A five-pillar cloud strategy
Next up was Perfecto Mobile, a company that has created a cloud-based platform for testing applications on a variety of mobile devices. A tour of the company’s Woburn-based data center revealed a proprietary piece of hardware that enabled smartphones to be cradled into rack servers, so testers using Perfecto’s cloud platform can test their applications against the actual devices, not merely emulators. Tablets also were plugged in to the servers, and could be hot-swapped in and out as needed.

Eran Yaniv, CEO and one of the founders of the company, said the company was founded in December 2006 and launched its MobileCloud product in 2009, built on five pillars: real devices, cloud architecture, cross-device automation with the understanding that manual tools are also required, covering the mobile application life cycle end-to-end, and extending existing application life-cycle management to mobile.

With a technology Yaniv called ScriptOnce, “Test engineers can create tests and run them on any handset without changes,” he said.  In its data center, the company can run any of 500 devices to test against, though Android and iOS devices are most popular.

Perfecto Mobile has partnered with HP, and its technology is integrated with HP’s QuickTest Professional product, providing for functional and regression testing of mobile apps within QTP, Yaniv said.

The next direction for the company, he said, is application monitoring. “The idea,” he explained, “is for companies to be able to develop, test, deploy and monitor mobile applications and services with confidence.”

(In the days after our meeting, Perfecto Mobile was able to secure an additional US$15 million in venture funding to continue building out the platform.)
Making use of “innersourcing”
After the briefing, the tour rolled into a restaurant, where a meeting with Black Duck Software’s EVP of marketing and business development Peter Vescuso, and director of developer product marketing Dave Gruber, turned the discussion, naturally, to open-source software. Black Duck helps organizations manage the use of open-source code and projects in their products.

But more than simply bringing open-source software into an organization, Vescuso and Gruber spoke about bringing open-source practices and methods into the organization.

Using the term “innersourcing” to describe this, Vescuso said organizations could benefit from adopting open-source practices such as peer review, transparent communications and decisions, eliminating barriers to communication, and volunteerism. The success of GitHub, the social coding phenomenon, is due in large part to its peer-review process, Gruber said. Volunteerism is another area in which companies can derive creativity and innovation.

“You have people in your organization who, because of their expertise, are working in one area, but they might like to contribute to a project in another area, that would benefit that project and the company,” Gruber explained. “It’s like moonlighting in our own company.”

Of course, Vescuso noted, “There are great political and cultural challenges for doing this internally.” But he said Red Hat, which sells a Linux distribution along with other software tools, is on board with the innersourcing concept and that they both hope to bring this to greater light.
Innovation in XML
The day began with rain, and meetings at the Cummings Center in Beverly, which had been a dilapidated former shoe machine factory before being renovated into modern office space.

The merging of old and new is an apt metaphor for the first meeting, with CEO Alexander Falk and his team at Altova. The company has been long known for its association with XML, the standard for data interchange over the Internet. The company’s XMLSpy product, as well as its MissionKit suite of tools, keeps up with OMG and W3C specifications that “have reached a certain level of maturity but are still being developed out,” Falk said, such as UML (now at 2.4) and XMI (also at 2.4).

Altova’s tools also adhere to the SysML, XBRL and XML Schema standards, as well as XQuery 3.0 and XMLDB, which is now installed by default at Oracle. “There is no XML conference or focused publication, but every day you’re creating XML files,” Falk said. “There are always new standards that come and go. Remember, XForms was to be the end of XML, but HTML5 became the successful standard. So we have to follow the trends in the standards as we continue to innovate.”

Part of that innovation includes the addition of Smart Fix in XMLSpy, which finds inconsistences and errors in XML, then suggests remediation. Also, a new Java wrapper now allows those developers to incorporate Altova tools—data maps, for instance—in their applications, Falk explained. In addition, Altova has added a spell-checker that’s CamelCase-aware, and has added support for Eclipse 4.2, JSON and the latest XBRL taxonomies.

The company’s MapForce tool, created for any-to-any data mapping, now has support for SQL-stored procedures, and includes a new API for integration with Java programs, according to Peter O’Kelly, product marketing manager and evangelist at Altova. He also noted that Altova’s StyleVision tool for presenting reports in different formats now can insert watermarks into those reports. “It’s based on XPath, but we take a wizard-driven approach,” he said.

Altova is also looking to the future, with new server tools (FlowForce, along with MapForce) now out in beta with a tentative early 2013 release date, Falk said. He described the offering as a server-based data-integration and validation platform. “You can take a MapForce mapping [and] send it to the FlowForce server to process and deploy,” he said. “It has strong features for job scheduling, like changes in currency exchange rates.”

The company also is introducing a new cloud service for project management, task tracking and collaboration. MetaTeam is in preview release now, with early users putting the software through its paces and providing feedback. “We want to encourage good management of teams, not just another kanban or flavor-of-the-month board,” said David Kershaw, Altova’s vice president of cloud services. From the browser, managers can find a project (referred to as a team), add people to it, assign tasks, organize business roles, and organize business decision-makers by setting up agendas and criteria for decisions, which can then be voted on in the console, he explained. The software also allows for threaded discussions along the way, and enables alerting is tasks change or there is a dependency.

“As development and IT management become more distributed, you need a higher level of abstraction than putting a Gantt chart on the wall,” said Kershaw.
Growing off of software quality
Feeling as if a part of some life-sized video game, I navigated through the Cummings Center maze. After a while, the doors to the SmartBear offices finally appeared. (Actually, they were doors to the space SmartBear will be occupying when it is completed.)

SmartBear is in the business of selling tools for software quality. The company was founded in 2003 and was rooted in peer code review. Its first product, Code Historian, let developers find changes in code files, and the company grew with its then-flagship product, CodeCollaborator. Since then, the company has undergone a complete transformation both in executive leadership and its product line, and the 2010 acquisitions of testing companies Automated QA and Pragmatic Software led to the “new” SmartBear, with an emphasis on user-centric quality life-cycle management.

SmartBear too sees mobile and Web-deployed applications as the fastest-growing segment of the development market, and believes its notion of driving software quality throughout the application life cycle positions the company to take advantage of this shift.

“Code review is an effective way of removing defects early in the process,” said Ian McLeod, SmartBear’s chief product officer. “It’s important to get it right the first time, because [software] goes out so quickly, monitoring [code] is so important.”

Another key to taking advantage of agile development, and development of applications for multiple platforms, is the ability to automate tests, something SmartBear’s broad tool suite can offer. “It’s shocking how much manual testing is still going on,” said Betty Zakheim, SmartBear’s vice president of product strategy. “I mean, this is a problem that’s been solved for a while now.”
Learning what makes applications tick
Finally, into Boston, where a converted Summer Street warehouse holds the offices of Apperian, a 4-year-old company that has built a Platform-as-a-Service for mobile application management.

Called EASE (Enterprise App Services Environment), the platform is built for enterprises, said Carlos Montero-Luque, the company’s CTO. “Companies didn’t have a good way to deploy private applications to their workforce,” he said. Issues with the application’s content, user access and back-end connectivity made these deployments challenging.

The concept of mobile application management involves acquiring the application, understanding its behavior, securing it, managing all of its aspects, and finally deploying it, Montero-Luque explained. EASE includes APIs for importing content, and once in the platform, administrators can inspect, secure, extend, personalize and analyze the applications, and then engage with the workforce. Organizations can do as much or as little of the above as desired, or as dictated by compliance needs.

“You find that organizations in industries with a lot of regulatory oversight will do more of this than companies not as heavily regulated,” said Alan Murray, senior vice president of products.

The platform enables users to run reports on application usage, and to learn details of the devices those applications will be running on (such as networks they run on, or connectivity). Further, users can rate the apps, or be selected for beta tests, or be asked to “crowdsource” work, Murray said.

An example he gave was Estée Lauder, which engaged with Apperian to help roll out 15,000 iPad kiosks in stores across the United States and abroad that would help women decide which cosmetics would be best for them. “They designed the app but wanted us to help them secure the devices and secure the apps. People tend to want to do more with the iPads than the company wanted them to,” Murray said. The result was that by enabling self-service (“Women won’t lie to a kiosk like they might to a store adviser,” he said), sales increased dramatically, and now Estée Lauder is looking to add a sales checkout feature to the kiosks as well, he added.

“Mobility,” Montero-Luque added, “lets you work with people on a different level than before.”

That is something the two-day tour of Boston’s high-tech corridor confirmed.